From owner-freebsd-questions@FreeBSD.ORG Sun Dec 5 23:24:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5FD4916A4D8 for ; Sun, 5 Dec 2004 23:24:56 +0000 (GMT) Received: from ms-smtp-04.texas.rr.com (ms-smtp-04.texas.rr.com [24.93.47.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id D1A8C43D70 for ; Sun, 5 Dec 2004 23:24:55 +0000 (GMT) (envelope-from afabian@austin.rr.com) Received: from turingmachine.mentalsiege.net (cs70112247-52.austin.rr.com [70.112.247.52])iB5NOpJ5014487 for ; Sun, 5 Dec 2004 17:24:51 -0600 (CST) Received: from turingmachine.mentalsiege.net (turingmachine.mentalsiege.net [127.0.0.1])iB5NOFSk094784 for ; Sun, 5 Dec 2004 17:24:16 -0600 (CST) (envelope-from afabian@turingmachine.mentalsiege.net) Received: (from afabian@localhost)iB5NOEiK094779 for freebsd-questions@freebsd.org; Sun, 5 Dec 2004 17:24:14 -0600 (CST) (envelope-from afabian) Date: Sun, 5 Dec 2004 17:24:05 -0600 From: Adam Fabian To: freebsd-questions Message-ID: <20041205232405.GA94562@turingmachine.mentalsiege.net> Mail-Followup-To: freebsd-questions References: <1102283228.3822.18.camel@tower1.digitaloverload.local> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1102283228.3822.18.camel@tower1.digitaloverload.local> User-Agent: Mutt/1.5.6i X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: Re: FreeBSD or OpenBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Dec 2004 23:24:56 -0000 On Sun, Dec 05, 2004 at 12:47:08PM -0900, Damien Hull wrote: > 1. OpenBSD has good security > 2. Stable > 3. Firewall and routing support is built in > > Why I use FreeBSD > 1. Stable > 2. Ports tree has a lot of software > 3. I can upgrade to new versions > > Should I make the switch from FreeBSD to OpenBSD for my servers? DISCLAIMER: The question borders on flame-bait, and everything that follows here is my completely subjective opinion; it's here for anyone that finds it useful, may contain errors, and is based completely on my statistically insignificant experience using both systems. I'm not going to "advocate" one over the other, and I'm not interested in debating the subject. With that said... FreeBSD has excellent security. OpenBSD has proactively rabid security. (Which I don't mean to sound derogatory at all; sometimes it's what's called for.) That being said, your administration of the system is, in all likelihood, going to be a much larger factor than choosing OpenBSD or FreeBSD. Typically, servers only have a few packages and it's not very hard to simply download and compile the software yourself. To me, that mostly negates the advantage of FreeBSD's larger ports tree for a server. OpenBSD has just about every major package you'd expect to use on a server, also. There's also NetBSD's pkgsrc, which a release of will probably work for typical major server packages for either operating system. FreeBSD has imported OpenBSD's packet filter in 5.3. On a stock install of FreeBSD, you can kldload pf and start using it. Like security, excellent networking is a *BSD speciality, and either OS is likely going to satisfy all of your networking needs. I'd say this is another no-go for the list of criteria that actually matter. Here's my opinion of how these OS'es compare for a server. This is all purely subjective and based on my statistically insignificant experience with both OS'es. FreeBSD superior to OpenBSD: Speed (subjectively, FreeBSD is much faster) Documentation More "3rd party support" (freshports.org, freebsd-update, freebsd-diary) Ports tree UFS2 (background fsck) Fewer bugs (random, very minor stuff, like terminal emulation; can't remember any gross bugs in OpenBSD or anything like that) 2 year life on extended branches (compared to 1 year for an OpenBSD release) Source upgrades (OpenBSD offers no official support for the procedure, though it may well work.) Better x86 hardware support portaudit OpenBSD superior to FreeBSD: Security Multi-platform support GENERIC kernel supports just about everything Ports tree has neat, easy to use flavors feature Ports tree tied to particular version (almost no broken ports, ever) Encouraged use of binary packages Stringent adherence to license ideology (replace everything possible with BSD licensed equivalents, NDA's never acceptable, etc.) ksh shell in base system with nice tab-completion by default Better marketing (t-shirts, posters) Man pages are absolutely the canonical reference for the system (very high priority) ProPolice stack-smashing protection in the system compiler In a lot of ways, FreeBSD has the profile on an operating system with a larger user-base, and OpenBSD has the profile of an operating system more directed by a single man. (Theo da Raadt.) Each has advantages and disadvantages. FreeBSD has broader support, and OpenBSD has more focus. Theo has an inclination to make things simple for the users and stop them from shooting themselves in the feet, proverbially speaking, and keeping things secure, simple, stable, and working. Things like tweaking compiler options and tripping over your own feet to get your hands on the latest version of some piece of software are generally frowned on. In my experience, the OpenBSD community is much less tolerant of people who do not read the manuals and ask stupid questions. (Which I don't consider a bad thing.) FreeBSD has bigger 3rd party support, and fewer bugs simply because there are more people trying more potentially bug-revealing combinations of hardware and software and more people around to fix them. While you're exploring BSD's, don't forget NetBSD, which makes the comparison yet-more-complicated. ;) Unless you place a really high priority on something, like license-purity, this is largely a question of what you like. And it's hard to say without trying them all. I've spent a lot of time with FreeBSD, OpenBSD, and NetBSD, and in the end, it's all really a matter of taste. Use them both for a while and see what you like. -- Adam Fabian (afabian@austin.rr.com)